svn commit: r548683 - in head/security: . pam_pkcs11 pam_pkcs11/files
Li-Wen Hsu
lwhsu at FreeBSD.org
Mon Sep 14 20:34:29 UTC 2020
Author: lwhsu
Date: Mon Sep 14 20:34:26 2020
New Revision: 548683
URL: https://svnweb.freebsd.org/changeset/ports/548683
Log:
Add security/pam_pkcs11, PAM module using crypto tokens for auth
Submitted by: Ka Ho Ng <khng300 at gmail.com>
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D26419
Added:
head/security/pam_pkcs11/
head/security/pam_pkcs11/Makefile (contents, props changed)
head/security/pam_pkcs11/distinfo (contents, props changed)
head/security/pam_pkcs11/files/
head/security/pam_pkcs11/files/pkg-message.in (contents, props changed)
head/security/pam_pkcs11/pkg-descr (contents, props changed)
head/security/pam_pkcs11/pkg-plist (contents, props changed)
Modified:
head/security/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Mon Sep 14 20:34:21 2020 (r548682)
+++ head/security/Makefile Mon Sep 14 20:34:26 2020 (r548683)
@@ -720,6 +720,7 @@
SUBDIR += pam_mkhomedir
SUBDIR += pam_ocra
SUBDIR += pam_p11
+ SUBDIR += pam_pkcs11
SUBDIR += pam_pwdfile
SUBDIR += pam_require
SUBDIR += pam_script
Added: head/security/pam_pkcs11/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pam_pkcs11/Makefile Mon Sep 14 20:34:26 2020 (r548683)
@@ -0,0 +1,100 @@
+# Created by: Ka Ho Ng <khng300 at gmail.com>
+# $FreeBSD$
+
+PORTNAME= pam_pkcs11
+PORTVERSION= 0.6.11
+CATEGORIES= security
+
+MAINTAINER= khng300 at gmail.com
+COMMENT= PAM module using crypto tokens for auth
+
+LICENSE= LGPL21
+
+RUN_DEPENDS= bash:shells/bash
+
+USES= autoreconf gmake libtool pkgconfig shebangfix
+
+USE_GITHUB= yes
+GH_ACCOUNT= OpenSC
+GH_TAGNAME= ${PORTNAME}-${PORTVERSION}
+
+GNU_CONFIGURE= yes
+
+CONFIGURE_ARGS= --with-confdir=${ETCDIR}
+CONFIGURE_ENV= OPENSSL_CFLAGS="-I${OPENSSLINC}" \
+ OPENSSL_LIBS="-L${OPENSSLLIB} -lcrypto"
+
+SHEBANG_FILES= tools/pkcs11_make_hash_link
+
+SUB_FILES= pkg-message
+
+OPTIONS_DEFINE= CURL DEBUG DOCS LDAP NLS NSS PCSC SSL
+OPTIONS_DEFAULT= PCSC SSL
+OPTIONS_SUB= yes
+
+CURL_LIB_DEPENDS= libcurl.so:ftp/curl
+CURL_CONFIGURE_WITH= curl
+
+LDAP_USE= OPENLDAP=yes
+LDAP_CONFIGURE_WITH= ldap
+
+# Users can only choose either NSS or SSL
+NSS_DESC= Enable Mozilla's NSS support
+NSS_CONFIGURE_WITH= nss
+NSS_LIB_DEPENDS= libnss3.so:security/nss \
+ libnspr4.so:devel/nspr
+NSS_PREVENTS= SSL
+
+PCSC_DESC= Enable PC/SC support
+PCSC_LIB_DEPENDS= libpcsclite.so:devel/pcsc-lite
+PCSC_CONFIGURE_WITH= pcsclite
+
+SSL_USES= ssl
+
+NLS_CONFIGURE_ENABLE= nls
+NLS_USES= gettext
+
+DOCS_CONFIGURE_ENABLE= doc
+
+PORTDOCS= *
+
+PAM_PKCS11_EXAMPLEDOCS= \
+ etc/card_eventmgr.conf.example \
+ etc/digest_mapping.example \
+ etc/mail_mapping.example \
+ etc/pam.d_login.example.in \
+ etc/pam_pkcs11.conf.example.in \
+ etc/pkcs11_eventmgr.conf.example \
+ etc/subject_mapping.example
+
+.include <bsd.port.options.mk>
+
+.if ! ${PORT_OPTIONS:MDEBUG}
+INSTALL_TARGET= install-strip
+.else
+CONFIGURE_ARGS+= --with-debug=yes
+.endif
+
+.if ${PORT_OPTIONS:MDOCS}
+BUILD_DEPENDS+= xsltproc:textproc/libxslt \
+ ${LOCALBASE}/share/xsl/docbook/html/docbook.xsl:textproc/docbook-xsl
+CONFIGURE_ENV+= XSLTPROC="${LOCALBASE}/bin/xsltproc"
+CONFIGURE_ARGS+=--with-xsl-stylesheetsdir=${LOCALBASE}/share/xsl/docbook
+.else
+CONFIGURE_ENV+= XSLTPROC="${FALSE}"
+CONFIGURE_ARGS+=--without-xsl-stylesheetsdir
+.endif
+
+post-patch:
+.for f in ${PAM_PKCS11_EXAMPLEDOCS}
+ @${REINPLACE_CMD} -e 's|/etc/${PORTNAME}|${ETCDIR}|g' \
+ -e 's|file:///etc/${PORTNAME}/|file://${ETCDIR}/|g' \
+ -e 's|/usr/lib|${PREFIX}/lib|g' \
+ -e 's|/usr/share|${PREFIX}/share|g' \
+ ${WRKSRC}/${f}
+.endfor
+
+pre-configure:
+ @(cd ${WRKSRC} && ./bootstrap)
+
+.include <bsd.port.mk>
Added: head/security/pam_pkcs11/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pam_pkcs11/distinfo Mon Sep 14 20:34:26 2020 (r548683)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1599929612
+SHA256 (OpenSC-pam_pkcs11-0.6.11-pam_pkcs11-0.6.11_GH0.tar.gz) = 6674ec488757ce6dc6768ebdb215d3b92897702517f182decfb222d03a98461b
+SIZE (OpenSC-pam_pkcs11-0.6.11-pam_pkcs11-0.6.11_GH0.tar.gz) = 271552
Added: head/security/pam_pkcs11/files/pkg-message.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pam_pkcs11/files/pkg-message.in Mon Sep 14 20:34:26 2020 (r548683)
@@ -0,0 +1,8 @@
+[
+{ type: install
+ message: <<EOM
+Note: base configuration directory is %%ETCDIR%% instead of
+/etc/pam_pkcs11 in PAM-PKCS11 User Manual.
+EOM
+}
+]
Added: head/security/pam_pkcs11/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pam_pkcs11/pkg-descr Mon Sep 14 20:34:26 2020 (r548683)
@@ -0,0 +1,18 @@
+pam_pkcs11 is a login module allowing a X.509 certificate
+based user login. The certificate and its dedicated private
+key are thereby accessed by means of an appropriate PKCS#11
+module. For the verification of the users' certificates,
+locally stored CA certificates as well as either online or
+locally accessible CRLs are used.
+
+PAM-PKCS#11 package provides:
+
+ A PAM module able to:
+ Use certificates to get user credentials
+ Deduce a login based on provided certificate
+ Several tools:
+ Standalone cert-to-login finder tool
+ Certificate contents viewer
+ Card Event status monitor, to trigger actions on card insert/removal
+
+WWW: https://github.com/OpenSC/pam_pkcs11
Added: head/security/pam_pkcs11/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pam_pkcs11/pkg-plist Mon Sep 14 20:34:26 2020 (r548683)
@@ -0,0 +1,26 @@
+bin/card_eventmgr
+bin/pkcs11_eventmgr
+bin/pkcs11_inspect
+bin/pkcs11_listcerts
+bin/pkcs11_make_hash_link
+bin/pkcs11_setup
+bin/pklogin_finder
+lib/pam_pkcs11/opensc_mapper.so
+lib/pam_pkcs11/openssh_mapper.so
+lib/security/pam_pkcs11.so
+man/man1/card_eventmgr.1.gz
+man/man1/pkcs11_eventmgr.1.gz
+man/man1/pkcs11_inspect.1.gz
+man/man1/pkcs11_listcerts.1.gz
+man/man1/pkcs11_make_hash_link.1.gz
+man/man1/pkcs11_setup.1.gz
+man/man1/pklogin_finder.1.gz
+man/man8/pam_pkcs11.8.gz
+%%NLS%%share/locale/de/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/pt_BR/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/ru/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/it/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/tr/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/pl/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/fr/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/nl/LC_MESSAGES/pam_pkcs11.mo
More information about the svn-ports-all
mailing list